A Chinese threat group, Mustang Panda, is likely behind a recent series of cyber-espionage attacks that give the attackers remote access to victim machines. The operations begin with a malicious email and ultimately use Visual Studio Code to deliver Python malware, which provides that access to the infected machines. In the campaign, a .lnk file is disguised as a Python setup file; in reality, it runs a malicious Python script. Attribution to Mustang Panda is not definitive, but researchers found Chinese-language elements in the attacks, and the tactics, techniques, and procedures (TTPs) used also resemble those used by Mustang Panda.
Read more: https://www.darkreading.com/endpoint-security/python-malware-slithers-legit-vs-code